Apple issued a patch on Tuesday for the iPhone and iPod Touch that plugs five holes, including several that could allow an attacker to take control of the device remotely.

Three of the vulnerabilities could allow someone to run code remotely, if an iPhone or iPod Touch user opened malicious audio or image files, or accessed a malicious FTP (File Transfer Protocol) server, Apple said.

Another vulnerability could allow someone with physical access to one of the devices to bypass the passcode on a locked device and access the data.

The patch affects iPhone OS 3.1.3 and iPhone OS 3.1.3 for iPod Touch.
More information is on the Apple security Web page.

About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
See full bio